RE: namedroppers, continued

2002-12-09 Thread Dean Anderson
Every domain would have to have a public key that the public could find.
Then every mailserver would have to check every message.

And spammers could still send spam, because they are authorized to send
email from some ISP, using that ISP's domain, and that ISP mailserver will
sign their email.

Spam isn't a security problem that can be solved technically.

Spam is the exact same problem as when Randy Bush harasses someone by
abusing his privileges as administrator. There isn't a technical solution,
other than removing the privileges. Then the new administrator could abuse
the privileges, if they were so inclined.  There isn't a technical way to
give someone privileges that they can't abuse, if so inclined.

--Dean

On Fri, 6 Dec 2002, Fred Baker wrote:

 [ post by non-subscriber.  with the massive amount of spam, it is easy to miss
   and therefore delete posts by non-subscribers.  if you wish to regularly
   post from an address that is not subscribed to this mailing list, send a
   message to listname[EMAIL PROTECTED] and ask to have the alternate
   address added to the list of addresses from which submissions are
   automatically accepted. ]

 At 08:28 AM 12/2/2002 -0800, Hallam-Baker, Phillip wrote:
 The only way to resolve this issue properly would be to require every
 submission to an IETF mailing list to be cryptographically signed (PGP
 or S/MIME), to require the subscribers to register their signing key and
 to then filter the mail sent out on the list so that only signed mail
 gets through.

 I would be in favor of that, personally, as long as we can ensure that the
 appropriate signature facility (be it RSA, PGP, or whatever) is freely
 available to all who need to use it. The issue here is not us corporate
 types who have a business reason to buy the software, it is the students
 who often lack the funds. The big issue would be the procedures for posting
 one's key to the appropriate place - what is to stop a spammer from posting
 a key and sending the spam anyway? I'm not proposing a mechanism, but
 someone who is good at such things might well find it of value.

 It doesn't address the off topic issue. As you say, that could be left to
 a working group chair equipped with formal procedures developed by consensus
 within the work group or adopted by the working group from a more general
 place (ie, the IETF could suggest a procedure, and the WG could adopt it if
 it didn't feel another procedure would be better).

 I have had a private exchange, over the past few days, with someone who
 wished that the IETF would please document some good spam-elimination
 procedure, so that it could be used world-wide to completely eliminate
 spam. I think that boils down to provide a global PKI in this solution,
 and presumes that spammers are incapable of using one. That might be a
 great research topic. Too bad nobody has ever thought of it before; we
 could really use the outcome of that research. (OK, so it's a lame attempt
 at humor...)

 I think it was Steve Bellovin that suggested a procedure for reducing the
 utility of spoofing source addresses in emails; if not, it was me and I
 happened to suggest something his favorite algorithm fit into, by having a
 host in each mail domain (mailid.example.com) be able to assert that its
 domain had or had not sent an email within a given recent  time period
 whose MD5 hash, when divided by vector of prime numbers resulted in
 vector of remainders. I could write that up in an internet draft if folks
 think it makes sense. That would be a more global procedure that didn't
 require a PKI and only addressed spoofed addresses.



 --
 to unsubscribe send a message to [EMAIL PROTECTED] with
 the word 'unsubscribe' in a single line as the message text body.
 archive: http://ops.ietf.org/lists/namedroppers/





RE: namedroppers, continued

2002-12-09 Thread Dean Anderson
And how much before Randy was moderator?

I'm on other large, subscriber-restricted, public lists, where this isn't
a significant problem.

--Dean

On Fri, 6 Dec 2002, Hallam-Baker, Phillip wrote:


  How much spam is going to namedroppers?

 Well none since Randy Bush and a bunch of others turned
 on the moderator bit.

 The problem here is that having Randy Bush moderate is
 not a scalable solution to the problems of Spam in general.


   Phill







RE: namedroppers, continued

2002-12-09 Thread John C Klensin


--On Friday, 06 December, 2002 16:22 -0700 Vernon Schryver
[EMAIL PROTECTED] wrote:


From: Marc Schneiders [EMAIL PROTECTED]



...
It might be easier to write a new protocol to succeed email,
instant messaging, mobile phones (something useful in itself)
with built-in abuse control from the start.


That's another stupid crackpot spam solution that just won't
go away.

You cannot have abuse control built into a protocol that
allows strangers to send each other mail.  Any mail protocol
that lets you receive mail from a stranger must also let the
stranger send the same message to you and to 30,000,000 of
your closest friends.  On the other hand, if you want to only
accept mail from people who are not strangers, you can use any
of the many official and ad hoc SMTP extensions to ensure you
only receive mail from them.

If your computer system, mail protocol, or whatever knows that
a stranger is not a spammer, then the stranger is not really a
stranger.


Actually, Vernon, there is a well-known, established
implementation of this approach.  It depends on no one being
able to deliver mail to anyone else except through a network of
trusted intermediaries, who are interconnected with bilateral
agreements.  Each of those intermediaries is essentially
required to authenticate any user sending a message, which they
naturally tend to do because the system strongly assumes a
per-message and per-recipient charging model with settlements
between the originating and receiving intermediary systems.

If spammers tried to use it, they would rapidly become
discouraged, first of all because the per-message charging would
destroy their free to us, steal resources from others business
model and second because the accounting and authentication
machinery that is essential to the business models of the
intermediary system vendors (let's call them ADMDs for short)
would make tracking them down fairly easy.  And, of course, the
bilateral agreements would make it fairly easy to isolate and
punish an ADMD who didn't control its spammers or pay its
settlement bills.

I suppose I can leave the name of this high-quality,
significantly overengineered, widely-deployed system as an
exercise.

Been there, wasted a lot of time, energy, and resources, gave up.

   john




RE: namedroppers, continued

2002-12-09 Thread Hallam-Baker, Phillip
Don't discount the unexploited features already supported in the deployed
base.

In particular most mail servers support inline SSL connection upgrades,
or can be upgraded to do so with minimal hassle.

Another instance in which a self signed cert is possibly sufficient
authentication - although when you consider the security you get from
upgrading the connection to SSL the price of the cert is kinda de
minimis but I'll play along with the ruling IETF assumption of millions
for hardware, not a cent for software.


Phill

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
 Sent: Friday, December 06, 2002 3:59 PM
 To: Marc Schneiders
 Cc: Fred Baker; Hallam-Baker, Phillip; [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Subject: RE: namedroppers, continued


 I've been saying about need for more radical change in mail protocol for
 years now on mailing lists. I'd rather work on smtp itself, but some
 people who were involved in original protocol do not want any serious
 changes to what they've done, though it's clear that abuse and other holes
 with current system is creating too many problems.

 In any case, by next ietf meeting in san francisco, I'll bring complete
 proposal for new protocol and might even try some practical tests. I do still
 believe that smtp can be saved, but not without more complex authentication
 system during delivery of email and that can't be done with current
 protocol design or current available extension process.

 Also were there any discussions or more complete description of this
 algorithm for checking if host had sent an email and if so is this
 available on website or archive to read more about? If answer is yes, can
 somebody send me url or approximate date of discussions so I could lookup
 in archives.

 And am I correct here in understanding what was proposed is that smtp
 conversation id be such that receiving mail server could verify with
 sender (callback?) that it did indeed initiate the email. If so I do not
 quite understand how MD5 helps there, plus I see quite a few problems with
 creating some special mx-like record in dns just for verification. If
 this is indeed what was proposed it's better to go with paul vixie's
 proposal of mailfrom dns record -
 http://www.vix.com/~vixie/mailfrom.txt or
 http://www.ietf.org/internet-drafts/draft-church-dns-mail-sender-02.txt

On Fri, 6 Dec 2002, Marc Schneiders wrote:

 On Fri, 6 Dec 2002, at 13:41 [=GMT-0800], Fred Baker wrote:

  I think it was Steve Bellovin that suggested a procedure for reducing the
  utility of spoofing source addresses in emails; if not, it was me and I
  happened to suggest something his favorite algorithm fit into, by having a
  host in each mail domain (mailid.example.com) be able to assert that its
  domain had or had not sent an email within a given recent  time period
  whose MD5 hash, when divided by vector of prime numbers resulted in
  vector of remainders. I could write that up in an internet draft if folks
  think it makes sense. That would be a more global procedure that didn't
  require a PKI and only addressed spoofed addresses.

 Spammers would be the first to set up your mailid host. They will have
 had years of experience to find holes in the system before you've
 convinced everyone to adopt or accept the mailid.

 It might be easier to write a new protocol to succeed email, instant
 messaging, mobile phones (something useful in itself) with built-in
 abuse control from the start.







Re: IETF Sub-IP area: request for input

2002-12-09 Thread Pyda Srisuresh
I vote for DP1 - Moving the WGs back to one of the
existing permanent areas. Otherwise, the problem of
coordination with related permanent areas is likely
to get worse.

regards,
suresh

--- Alex Zinin [EMAIL PROTECTED] wrote:
 FYI below. (Sorry for cross-posting.)
 Please post follow-ups to [EMAIL PROTECTED]
 --
 Alex

 This is a forwarded message
 From: The IESG [EMAIL PROTECTED]
 To:
 Cc:
 Date: Wednesday, December 04, 2002, 8:08:49 AM
 Subject: IETF Sub-IP area: request for input

 ===8==Original message text===


 IETF SUB-IP area

  The IESG announced in November of 2000 that a new SUB-IP temporary
  pseudo-area would be formed as a part of an effort to develop a
  systematic approach to dealing with what we used to describe as
  sub-IP technologies. At the time the IESG said:

  Over the years the boundary between 'wires' and IP protocols has
  become harder to define and the interaction has become more intertwined.
  For example, what appear as 'wires' or 'circuits' in a virtual network
  may in fact be routed datagrams in an underlying IP network. The
  topology of dynamic underlying networks such as ATM and soon switched
  optical networks can interact with IP-level traffic engineering and
  routing. Additionally, with IETF technologies such as MPLS we are
  defining a whole new class of 'wires'.
  (http://www.ietf.org/IESG/STATEMENTS/new-area.txt)

  After the December 2000 IETF meeting and taking into account the
  discussion at that meeting the IESG formed a temporary SUB-IP Area.
  In the announcement of this action the IESG said:

  It is temporary because the IESG believes that this concentrated
  sub-IP effort will likely be of short duration, on the order of a year
  or two. We feel that much of the work will be done by then, and the
  working groups closed. Any working groups that have not finished when
  the IESG determines that the area should be closed will be moved into
  existing the IETF areas where they seem to have the best fit. and The
  IESG expects to review the development process and charters, however;
  if we conclude that this expectation is incorrect, we will need to make
  this area more formal. At that point, the nominating committee will be
  asked to supply dedicated area directors.
  (http://www.ietf.org/IESG/STATEMENTS/sub_area.txt)

  Although the SUB-IP working groups have made considerable progress
  (with 7 RFCs published, another 12 IDs approved for publication, 9 IDs
  under IESG consideration and an additional 11 IDs having been passed to
  the ADs for their evaluation) their work is not yet done (with 53
  working group IDs currently in progress). It does appear that some of
  the working groups could finish the work in their charters over the next
  6 months but it could be a lot longer for others.

  Because the end is in sight for some of the working groups and since the
  IESG had generally assumed that the area would be a temporary one and
  the second anniversary of the creation of the SUB-IP area is next spring,
  analysis was started in the IESG to figure out which areas would be the
  best ones for the SUB-IP working groups to move to so that they could
  continue their work.

  As part of that analysis a SUB-IP area session was held during the IETF
  meeting in Atlanta where this topic was discussed.

  There was a spirited discussion during the session on the best path
  forward. The opinions ranged from following the distribution of
  working groups, to doing so with some specific changes to keeping the
  working groups in a separate SUB-IP area. A sense of the room was
  taken at the end of the discussion and that sense was very strongly
  that the SUB-IP Area should become a long-term (the description that
  was used during the consensus call) one and that the nomcom be asked
  to nominate a person (or persons) to become director(s) of the SUB-IP
  area.

  To help provide more information as input for the IESG discussion we
  would like to continue the discussion started in Atlanta on the mailing
  list. It is our intention to keep the discussion on the future of the
  SUB-IP area open, but short-lived, because it would be a very good idea
  to let the nomcom know ASAP what the future holds as they need to know
  what expertise is needed in the ADs for the existing areas and if they
  need to search for additional people.

  The IESG aim is to be able to let the nomcom know what the future of
  the SUB-IP work is by the end of the day of Thursday Dec 12th. That
  date was chosen because it is the date of the next IESG teleconference
  yet it provides some time for a public discussion.

  The options seem to be:
  1/ move WGs (back) to permanent areas: migrate the SUB-IP
  working groups to other IETF areas sometime soon, likely before next
  summer and close the SUB-IP area. Also, reconstitute the SUB-IP (and/or
  other) directorates to ensure the continued coordination between the
  remaining WGs.


a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Scott Bradner

for what it's worth here is my personal opinion on what we should
do in the question of the sub-ip area

I think we should go with the status quo (with the IESG selecting two
suck^H^H^H^Hvolunteers to manage the area next March)

I do not think that we can make a reasoned decision to do otherwise in the
next week.

Before Atlanta I was of the opinion that moving the WGs into other areas
was the right thing to do, not because of any particular event, but
more because we had said this was a temporary area and it was getting
to be a long temporary (but I suppose we should note that the last
temporary area (ipng) lasted 4 years)  But the feedback we got in
Atlanta has convinced me that this is not reason enough to make a change.

And any move at this time to move the WGs would be seen as a slap in
the face of the quite strong (even if in a limited venue) opinion
expressed in Atlanta.

Right after Atlanta I was convinced that we should follow the consensus and
ask the nomcom to find an AD but upon reflection I'm not sure that is the
right thing either - partially because as Randy has pointed out, we do
not have a clear mission statement for such an area but mostly because
enough of the WGs are close enough to finishing up that we would have a
quite small area in 6 months to a year and an area with only 2 or 3
working groups seems a bit of a waste.  But if there is a long-term
future for sub-IP work in the IETF then additional working groups may
be in the offering.  We need the time to reflect on what that future
should be.

So I think we should continue as-is until:
1/ the WGs which will finish soon finish
2/ we (the IESG, IAB  ietf community) figure out what role  
   sub-ip should play in the IETF in the long term

but it would be good to hear from more of you both to the IETF list and
to the IESG directly

Scott




Re: namedroppers, continued

2002-12-09 Thread Stephen Sprunk
Vernon Schryver wrote:
 It's been years since it was possible to be amused by the number of
 people who assume that spammers are more ignorant and less competent
 than they are, and so propose spam solutions predicated on spammers
 being unable to register as many names, keys, identities, or whatever
 as needed or as many as everybody else can.

The problem I've seen repeatedly, including in an off-list discussion I'm
having about this topic, is people confusing authentication with
authorization.

Even if you can authenticate every sender of every piece of email, that
gains us virtually nothing -- not to mention it's a reasonably well-solved
problem, e.g. PGP, S/MIME.  As Vernon notes, spammers can create authentic
credentials just as easily as anyone else.

The devil is in determining what senders are authorized once we've
authenticated them.  My fear is the only effective solution may turn out to
be closed lists with permission grants, such as the IM services introduced
to keep spammers out.  That will greatly reduce the utility of email.

S




Re: namedroppers, continued

2002-12-09 Thread Stephen Sprunk
Paul Vixie wrote:
 - many ISPs won't let you forward or submit mail through someone
   else's SMTP server, even if you have permission to do so.  so you
   can't forward your mail through your home ISP's mail server to
   allow the mail from check to work.

 in that case you'd be wise to not insert a MAIL-FROM MX for your
 domain.

The vast majority of users do not have the ability to make that decision.

The curious thing is that it is in an ISP's best interests _not_ to
implement this draft, since doing so will likely mark nomadic users' email
as suspect and potentially lose a customer.  Most companies only support the
public good to the extent it doesn't cost them any revenue.

S




Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Joe Touch
Scott Bradner wrote:

for what it's worth here is my personal opinion on what we should
do in the question of the sub-ip area

I think we should go with the status quo (with the IESG selecting two
volunteers to manage the area next March)

I do not think that we can make a reasoned decision to do otherwise in the
next week.

Before Atlanta I was of the opinion that moving the WGs into other areas
was the right thing to do, not because of any particular event, but
more because we had said this was a temporary area and it was getting
to be a long temporary (but I suppose we should note that the last
temporary area (ipng) lasted 4 years)  But the feedback we got in
Atlanta has convinced me that this is not reason enough to make a change.


I'll add that most of the attendees at this meeting in Atlanta were from 
the WGs themselves. It is unsurprising that the overwhelming position of 
that group is to maintain the status quo. Moving them is definitely seen 
as unwelcome change from within the groups themselves.

It would be useful to hear from the community at large regarding this 
issue, rather than letting the group decide (essentially) for itself.

FWIW, I have yet to see a substantive justification for the _creation_ 
of a new area yet. I, and others, have pointed out that the 'status quo' 
here is to let the area dissolve on schedule.

Joe




RE: namedroppers, continued

2002-12-09 Thread Dean Anderson
This seems clever, however, it will also take significant computational
effort to verify the computational effort was actually done. Even if a
class of functions are found that are easier to verify than to compute,
they will no doubt still take up a significant fraction of time.

Also, all outgoing messages would need this computation, since a
mailserver does not know who it has sent mail to in the past, and whether
they are still in receipt of the verification.  So then you would only be
able to send 8000 messages a day, too.

Clearly, that doesn't scale very well.

It seems unlikely that this would change the percentage of spam, since it
would merely reduce the total amount of mail sent.

I haven't observed a recent proliferation of spam, however. Spam seems to
be level.

--Dean

On Fri, 6 Dec 2002, Ayyasamy, Senthilkumar  (UMKC-Student) wrote:
 this is the work all about (yesterday's seminar in a MIT group)

  If I don't know you, and you want your e-mail to appear in my
   inbox, then you must attach to your message an easily verified
  proof of computational effort, just for me and just for this
  message.

 If the proof of effort requires, say, 10 seconds to compute, then the
 economics of sending spam are radically altered, as a single machine
 can send only 8,000 messages per day.

 The recent proliferation of spam has led to a renewed interest in
 these ideas.  This work is about both the choice of
 functions that can be used to yield easily verifiable proofs of
 computational effort, and architectures for implementing the proof of
 effort approach.  Filtering and/or forcing senders to pay in other
 currencies, such as human attention and money, will be covered as time
 permits


 for more details http://research.microsoft.com/research/sv/PennyBlack








Re: namedroppers, continued

2002-12-09 Thread Dean Anderson
This doesn't adequately describe backup relays.  If uunet is providing an
alternate relay service, then all or any of uunet's relays might be
providing that service. So it would have to be able to recursively look up
uunet's mail-from mx's, and the mail-from mx's of any subdomains listed by
uunet.  This process might contain loops.

Additionally, the mail forwarding behavior is highly undesirable.  A large
mail site does not want to have to manually configure essentially the
whole of the internet as possible multi-stage mail relays so that its
users can forward mail from other servers to their mailbox. Indeed, even a
relatively small site would not want to do that.

However, even this approach won't stop spam, since a spammer will still be
able to use their ISP's mailservers, with a stolen, or disposable account.
There are plenty of KLEZ viruses out there, and plenty of stolen
passwords. And it won't have any effect at all on spam from real
commercial operators like Exactis who don't forge the from addresses.

Essentially, I'm convinced after years of interaction with some radical
anti-spammers that most of the non-commercial spam (and quite a lot of the
forged-address spam) is sent by anti-spammers trying to essentially
terrorize their way to some kind of technical solution that they think
exists. However, no such solution exists.  If there were such a solution,
we could prevent all kinds of evils, like government corruption,
embezzlement, misuse of all kinds of property.  But there is no substitute
for honesty and responsibility. If someone has possession of a privilege,
(however that privilege was obtained--it may have been stolen), and they
are so inclined to abuse that privilege, the only way to stop them is to
remove the privilege.

--Dean

On Sat, 7 Dec 2002, Paul Vixie wrote:

 it's difficult to imagine a mailing list for which this thread is on-topic.

  I think it was Steve Bellovin that suggested a procedure for reducing the
  utility of spoofing source addresses in emails; if not, it was me and I
  happened to suggest something his favorite algorithm fit into, by having a
  host in each mail domain (mailid.example.com) be able to assert that its
  domain had or had not sent an email within a given recent  time period
  whose MD5 hash, when divided by vector of prime numbers resulted in
  vector of remainders. I could write that up in an internet draft if folks
  think it makes sense. That would be a more global procedure that didn't
  require a PKI and only addressed spoofed addresses. --

 here was my attempt at this, which i didn't really know where to go next with:







Independent                                             Paul Vixie (Ed.)
Request for Comments:                             Category: Experimental
                                                            June 6, 2002

                          Repudiating MAIL FROM

Status of this Memo

   This memo describes an experimental procedure for handling received
   e-mail.  It does not specify an Internet standard of any kind.
   Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   At the time of this writing, more than half of all e-mail received by
   the author has a forged return address, due to the total absence of
   address authentication in SMTP (see [RFC2821]).  We present a simple
   and backward compatible method whereby cooperating e-mail senders and
   receivers can detect forged source/return addresses in e-mail.

1 - Introduction and Overview

1.1. Internet e-mail return addresses are nonrepudiable by design of the
relevant transport protocols (see [RFC2821]).  Simply put, there is no
cause for ANY confidence in the proposition this e-mail came from where
it says it came from.

1.2. Irresponsible actors who wish to transmit unwanted bulk e-mail
routinely use this designed-in lack of source/return authenticity to
hide their point of origin, which usually involves forging a valid
return address belonging to some highly visible and popular ISP (for
example, HOTMAIL.COM).

1.3. Recipients who wish to reject unwanted bulk e-mail containing
forged source/return addresses are prevented from doing so since the
addresses, as presented, are nonrepudiable by design.  Simply put, there
would be too many false positives, and too much valid e-mail rejected,
if one were to program an e-mail relay to reject all e-mail claiming to
be from HOTMAIL.COM since, statistically, most e-mail claiming to be
from HOTMAIL.COM is actually from somewhere else.  HOTMAIL.COM, in this
example, is a victim of forgery.



Vixie Experimental  [Page 1]

RFC   Repudiating MAIL FROM May 26, 2002


1.4. What's needed is a way to guaranty that each received e-mail
message did in fact come from some mail server 

RE: namedroppers, continued

2002-12-09 Thread Ketil Froyn
On Fri, 6 Dec 2002, Ayyasamy, Senthilkumar wrote:

 If the proof of effort requires, say, 10 seconds to compute, then the
 economics of sending spam are radically altered, as a single machine
 can send only 8,000 messages per day.

Wouldn't something like this cause problems for (large/free) email
providers?  They would probably need a lot of extra hardware to do all
this computation. And until something like this is included in the
standard, the receiver must accept mail from senders that don't implement
this yet.

I personally like the idea behind qconfirm (http://smarden.org/qconfirm/)
and TMDA (http://tmda.net/). If I receive an email that I do not recognize
or otherwise find to be authentic, a mail is sent back to the sender,
requesting that they send a verification mail to a unique secret address.
When a mail is received at this secret address, the original mail is
delivered to me, and the secret address is removed. For a spammer, it is
too expensive to receive and reply to all these mails.

Ketil
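
The confirmation flow described in the message above, as an added example (not code from qconfirm, TMDA or the original post). The class and method names, the `confirm-<token>` address format, the expiry time and the rule that a confirmed sender becomes recognized are assumptions; addresses are constructed.

```python
import secrets


class ConfirmationGate:
    """Hold mail from unrecognized senders until they write to a one-time address."""

    def __init__(self, domain, ttl=7 * 86400, known_senders=()):
        self.domain = domain.lower()
        self.ttl = ttl                      # seconds a challenge stays valid (assumption)
        self.known = {s.lower() for s in known_senders}
        self.pending = {}                   # secret address -> (sender, expires_at, [held mail])
        self.by_sender = {}                 # sender -> secret address

    def _expire(self, now):
        """Forget challenges nobody answered in time, together with the held mail."""
        for addr in [a for a, (_, exp, _m) in self.pending.items() if exp <= now]:
            sender = self.pending.pop(addr)[0]
            self.by_sender.pop(sender, None)

    def receive(self, sender, message, now):
        """Return (action, value) for one incoming message."""
        sender = sender.lower()
        if sender in self.known:
            return ("deliver", message)
        if sender == "":
            # Null return path (a bounce): challenging it would only create a loop.
            return ("quarantine", None)
        self._expire(now)
        addr = self.by_sender.get(sender)
        if addr is not None:
            # A challenge is already outstanding: hold the mail, send no second one.
            self.pending[addr][2].append(message)
            return ("held", None)
        addr = f"confirm-{secrets.token_hex(16)}@{self.domain}"
        self.pending[addr] = (sender, now + self.ttl, [message])
        self.by_sender[sender] = addr
        return ("challenge", addr)          # caller mails the sender, asking for a reply to addr

    def confirm(self, address, now):
        """Mail arrived at a secret address: release held mail and remove the address."""
        self._expire(now)
        entry = self.pending.pop(address.lower(), None)
        if entry is None:
            return []                       # unknown, expired or already used
        sender, _, held = entry
        self.by_sender.pop(sender, None)
        self.known.add(sender)              # assumption: a confirmed sender is now recognized
        return held


if __name__ == "__main__":
    gate = ConfirmationGate("example.org", known_senders=["friend@example.net"])
    action, addr = gate.receive("stranger@example.com", "first message", now=0)
    print(action, addr)
    print(gate.receive("stranger@example.com", "second message", now=10))
    print(gate.confirm(addr, now=20))
    print(gate.confirm(addr, now=30))       # address was removed, nothing released
```

A challenge goes to whatever return address the message carried, so mail with a forged sender sends the challenge to a third party; keeping one outstanding challenge per sender bounds how many of those are generated.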




Re: namedroppers, continued

2002-12-09 Thread Dean Anderson
To make them do all the work, and you do little to verify, you need a lot
of things done independently, so that a random sample can be selected that
is much smaller than the work they had to do. This will get bulky.  The
less they send, the larger the fraction of work you have to do in relation
to theirs.  And of course, you have to do the same amount of work on your
outgoing messages as they do.

The result is that it costs you much more than it costs the spammer.
(since you have to do the work for both sending and receiving, and the
spammer only has to do the work for sending.)

This would not result in a reduction of spam, as a percent of total mail.
If everyone used this, it might (at best or worst) reduce the total mail
sent, since the billions of legitimate messages sent each day would
require significantly more work to send.

Further, it would open one up to a denial of service type attack where
garbage is sent, and you have to do the work to check the (invalid)
signature, thereby wasting your cpu resources.

Essentially, this shoots oneself in the foot. Or perhaps the CPU.

--Dean

On Sat, 7 Dec 2002, Steven M. Bellovin wrote:

 In message [EMAIL PROTECTED], Dean Anderson writes:
 This seems clever, however, it will also take significant computational
 effort to verify the computational effort was actually done. Even if a
 class of functions are found that are easier to verify than to compute,
 they will no doubt still take up a significant fraction of time.

 In fact, that's the easy part.  You could demand that the sender
 compute 1,000,000 HMACs of the text, the envelope, the time of day, and
 a counter.  The verifier could check 100 randomly-chosen ones -- if any
 fail, there's a forgery.  (Well, you probably wouldn't want those
 values, since 1,000,000 HMACs would be a lot of data to transmit.  But
 you get the general idea.)

   --Steve Bellovin, http://www.research.att.com/~smb (me)
   http://www.wilyhacker.com (Firewalls book)



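
The sampled check Steve Bellovin sketches in the quoted message above, together with the verification and garbage-input costs raised in the reply, as an added example (not code from the thread or from the Penny Black project). The HMAC key (here the recipient address), the 8-byte tag truncation and all function names are assumptions; the sample message is constructed.

```python
import hashlib
import hmac
import os
import random
import struct

TAG_LEN = 8  # bytes kept per HMAC so the proof stays small enough to send (assumption)


def _encode(*fields):
    """Length-prefix each field so the text/envelope boundary is unambiguous."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def tag(key, text, envelope, sent_at, counter):
    """One unit of sender work: HMAC over text, envelope, time of day and a counter."""
    msg = _encode(text, envelope) + struct.pack(">QQ", sent_at, counter)
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def make_proof(key, text, envelope, sent_at, n):
    """Honest sender: compute all n tags, one per counter value."""
    return [tag(key, text, envelope, sent_at, i) for i in range(n)]


def make_lazy_proof(key, text, envelope, sent_at, n, skipped, rng):
    """Sender that skips `skipped` of the n tags and fills the gaps with random bytes."""
    skip = set(rng.sample(range(n), skipped))
    return [os.urandom(TAG_LEN) if i in skip else tag(key, text, envelope, sent_at, i)
            for i in range(n)]


def verify_sample(proof, key, text, envelope, sent_at, n, k, rng=None):
    """Recompute k randomly chosen tags; return (accepted, hmacs_computed).

    The check stops at the first mismatch, so a proof made of garbage costs
    the verifier about one HMAC rather than k.
    """
    rng = rng or random.SystemRandom()
    if len(proof) != n or any(len(t) != TAG_LEN for t in proof):
        return False, 0
    computed = 0
    for i in rng.sample(range(n), min(k, n)):
        computed += 1
        if not hmac.compare_digest(proof[i], tag(key, text, envelope, sent_at, i)):
            return False, computed
    return True, computed


def detection_probability(n, skipped, k):
    """Chance that k distinct samples out of n hit at least one skipped tag."""
    miss = 1.0
    for i in range(k):
        miss *= max(n - skipped - i, 0) / (n - i)
    return 1.0 - miss


if __name__ == "__main__":
    # Constructed sample message; 20,000 tags instead of 1,000,000 to keep the demo quick.
    key = b"recipient@example.org"
    text = b"Subject: hello\r\n\r\nconstructed sample body"
    envelope = b"MAIL FROM:<sender@example.com> RCPT TO:<recipient@example.org>"
    sent_at, n, k = 1039392000, 20000, 100

    honest = make_proof(key, text, envelope, sent_at, n)
    print("honest:", verify_sample(honest, key, text, envelope, sent_at, n, k))

    lazy = make_lazy_proof(key, text, envelope, sent_at, n, n // 2, random.Random(1))
    print("half skipped:", verify_sample(lazy, key, text, envelope, sent_at, n, k))

    garbage = [os.urandom(TAG_LEN) for _ in range(n)]
    print("garbage:", verify_sample(garbage, key, text, envelope, sent_at, n, k))

    # With the numbers from the message: 1,000,000 tags, 100 samples.
    for skipped in (10_000, 100_000, 500_000):
        print(skipped, "skipped ->", round(detection_probability(1_000_000, skipped, 100), 4))
```

Sampling 100 of 1,000,000 tags catches a sender who skipped half the work almost certainly, but one who skipped only 1% of it about 63% of the time, so the check bounds the work done only approximately.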





RE: namedroppers, continued

2002-12-09 Thread Dean Anderson
On Sun, 8 Dec 2002, Lloyd Wood wrote:
 Sender pays is good. The penny black stamp effectively introduced a
 flat-rate tax on sending letters, rather than a variable-rate tax on
 receiving them, effectively turning mail into a common good available
 to all society.

You assume this really means the spammer pays [more]. But that isn't the
case.  This is based on the myth that somehow the receiver pays the entire
cost of a spam message. This isn't true, and never was true. The sender is
already paying, whether they are spammer or mailing list operator, or
regular end user.  The fact is that email is so cheap that it costs almost
nothing per message to send and receive.  It gets cheaper every day, as
disks and bandwidth get cheaper and cheaper. The receiver doesn't pay any
more than the sender pays. Real commercial spam happens because the cost
of sending spam is less than the cost of sending letters or postcards.

If you artificially made email expensive, it would be expensive for list
operators and regular people as well. You mentioned a rate of one cent per
message.  That would not be enough to deter spam. A rate of ten cents per
message would still be cheaper than postal mail, and so spammers would
still exist.  Much non-commercial spam is sent by KLEZ or Nimda viruses.
This sort of abuse would not be affected whatsoever.  Note that KLEZ
infections are already illegal.

Think how much it would cost to send out namedroppers, (and the entire
bulk of IETF standards related email) if each message to each recipient
cost, say $0.10.  Or even one cent per message per recipient.  This
proposal would essentially wipe out many if not most mailing list
operators, and most ISPs.

I made a proposal back in 1997 that would not eliminate spam, but would
keep it out of your mailbox. My proposal was rejected because radicals
demanded a complete ban on spam. In 1998, there was an opportunity to get
anti-spam legislation passed.  Unreasonable anti-spam radicals passed up
that opportunity when they insisted on unrealistic demands, and
exaggerated and factually wrong assertions about the cost of spam.  They
assumed they could shout down any opposition, as they shouted down more
reasonable proposals.  They were understandably and easily crushed by the
Direct Marketing Association (DMA).  You can still see my proposal at
http://www.av8.com/H.4581/better.html This proposal would have been
difficult for the DMA to challenge since they already accept these
restrictions on postal mail.  You have the radical anti-spam leadership to
thank for your spam, and the fact that you don't have a universal opt-out
list.

The anti-spam effort was for all practical purposes completely crushed
when Exactis successfully sued MAPS and demonstrated that blacklists are
subject to the Sherman Anti Trust Act and that blacklists weren't
protected by the First Amendment.  I told Vixie this would happen in 1997.
He assured me that anti-spammers could win by technical means. If it
wasn't clear that he was wrong in 1997, (and it seemed pretty obvious even
then), it is now painfully obvious that Vixie and the rest were very
wrong.

It is really time for new, reasonable, anti-spam leadership, not artificial
changes to the cost of email, or schemes to try to make sending mail more
expensive for the senders, and certainly not gyrations in the sending of
namedroppers.

Thanks to the ineptitude, lack of foresight, irrationality, and general
unreasonableness of the anti-spam leadership, spam is here to stay. It is
just a matter of degrees of how bad it will be.  I note there is some
legislation before the house and senate (HR 1017) on spam control, that
reportedly isn't opposed by the DMA. However, these only control
fraudulent spam.  HR 1017 proposes extensions of 18 USC 1030, which makes
fraudulent spam a crime, but the FBI probably won't bring charges for
small violations. There is no provision for a civil action.

Another bill (S.630) would require each spammer to maintain an opt-out
list.  You would have to contact each spammer, and have your email address
added to their list, one by one. There would be thousands of spammers to
contact.

Note that my proposal would have had a single opt-out list (the Post Office
already maintains such a list for postal junk mail), and my proposal
probably could have been passed into law in 1998.

--Dean




RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Vach Kompella
Let's also let the VRRP WG decide on the fate of SIP WG documents, the CALSCH WG
decide on the fate of OSPF WG docs...  Let's particularly ignore the fact that
the folks closest to the issues have the most interest in getting the best
possible outcome.

You might not think that's a fair analogy, but it's really the constituents who
are most impacted by the decision, not the IETF as a whole.  I'm not sure why
the other IETF WGs or areas would as a whole care about SUBIP, except on
principle.  And it's not like they don't have a voice (this mailing list and
particularly the plenaries).

I think the request for comments might be targeted at a slightly larger audience
(other WGs in the Routing Area, Transport Area, Operations Area, perhaps) whose,
since not everyone subscribes to the spam abatement, er, ietf mailing list.

-Vach

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Joe
 Touch
 Sent: Monday, December 09, 2002 10:34 AM
 To: Scott Bradner
 Cc: [EMAIL PROTECTED]
 Subject: Re: a personal opinion on what to do about the sub-ip area


 Scott Bradner wrote:
  for what it's worth here is my personal opinion on what we should
  do in the question of the sub-ip area
 
  I think we should go with the status quo (with the IESG selecting two
  volunteers to manage the area next March)
 
  I do not think that we can make a reasoned decision to do otherwise in the
  next week.
 
  Before Atlanta I was of the opinion that moving the WGs into other areas
  was the right thing to do, not because of any particular event, but
  more because we had said this was a temporary area and it was getting
  to be a long temporary (but I suppose we should note that the last
  temporary area (ipng) lasted 4 years)  But the feedback we got in
  Atlanta has convinced me that this is not reason enough to make a change.

 I'll add that most of the attendees at this meeting in Atlanta were from
 the WGs themselves. It is unsurprising that the overwhelming position of
 that group is to maintain the status quo. Moving them is definitely seen
 as unwelcome change from within the groups themselves.

 It would be useful to hear from the community at large regarding this
 issue, rather than letting the group decide (essentially) for itself.

 FWIW, I have yet to see a substantive justification for the _creation_
 of a new area yet. I, and others, have pointed out that the 'status quo'
 here is to let the area dissolve on schedule.

 Joe








Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Joe Touch
Vach Kompella wrote:

Let's also let the VRRP WG decide on the fate of SIP WG documents, the CALSCH WG
decide on the fate of OSPF WG docs...  Let's particularly ignore the fact that
the folks closest to the issues have the most interest in getting the best
possible outcome.


We don't let WGs decide the fate of WG docs; the IESG and RFC editors do 
that. The WGs make their - sometimes myopic - decisions, and the IESG 
decides how to proceed for the community.

By closer analogy, we certainly don't let BOFs decide whether to be WGs 
themselves.

Joe




RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Vach Kompella
Here's my personal opinion.

I think we have two suck^H^H^H^Hvolunteers :-)

I think the area's WGs need ADs who have been close enough to keep the
continuity of relations with other standards bodies, the past work, etc.

Regarding whether there is a need for an area long-term, it would depend on how
we foresee the charter of each WG developing.

ccamp: no opinion, since I haven't been keeping pace
gsmp: their work is nearly done (according to my interpretation of Avri's
comments)
ipo: no opinion, since I haven't been keeping pace
mpls: long-term
ppvpn: possibly long-term
tewg: their work is nearly done too (from the tewg minutes posted by Jim Boyle)

We don't have visibility into the next year, so we should keep the area as is,
which would allow the greatest progress in those WGs that are close to done.  We
will also know better what to do with the remaining WGs.  If at that point,
there's still work to be done, but not enough long-term WGs to warrant an area,
I am perfectly happy to close the area, and move ccamp and mpls to RTG and ppvpn
to (TSV | RTG).

-Vach

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Scott
 Bradner
 Sent: Monday, December 09, 2002 8:28 AM
 To: [EMAIL PROTECTED]
 Subject: a personal opinion on what to do about the sub-ip area



 for what it's worth here is my personal opinion on what we should
 do in the question of the sub-ip area

 I think we should go with the status quo (with the IESG selecting two
 suck^H^H^H^Hvolunteers to manage the area next March)

 I do not think that we can make a reasoned decision to do otherwise in the
 next week.

 Before Atlanta I was of the opinion that moving the WGs into other areas
 was the right thing to do, not because of any particular event, but
 more because we had said this was a temporary area and it was getting
 to be a long temporary (but I suppose we should note that the last
 temporary area (ipng) lasted 4 years)  But the feedback we got in
 Atlanta has convinced me that this is not reason enough to make a change.

 And any move at this time to move the WGs would be seen as a slap in
 the face of the quite strong (even if in a limited venue) opinion
 expressed in Atlanta.

 Right after Atlanta I was convinced that we should follow the consensus and
 ask the nomcom to find an AD but upon reflection I'm not sure that is the
 right thing either - partially  because as Randy has pointed out, we do
 not have a clear mission statement for such an area but mostly because
 enough of the WGs are close enough to finishing up that we would have a
 quite small area in 6 months to a year and an area with only 2 or 3
 working groups seems a bit of a waste.  But if there is a long-term
 future for sub-IP work in the IETF then additional working groups may
 be in the offering.  We need the time to reflect on what that future
 should be.

 So I think we should continue as-is until:
 1/ the WGs which will finish soon finish
 2/ we (the IESG, IAB & ietf community) figure out what role
    sub-ip should play in the IETF in the long term

 but it would be good to hear from more of you both to the IETF list and
 to the IESG directly

 Scott







Re: namedroppers, continued

2002-12-09 Thread Vernon Schryver
 From: Stephen Sprunk [EMAIL PROTECTED]

 ...
 The problem I've seen repeatedly, including in an off-list discussion I'm
 having about this topic, is people confusing authentication with
 authorization.
 ...

Yes, that's a good way of putting the problem, but only for those able
and willing to see the differences among authorization, authentication,
confidentiality, non-repudiation, and so forth.

It's sad that weak as dishwater authentication as authorization (and
everything else) snake oil sells so well, as witnessed by Verisign's
PKI and Microsoft's ActiveX.


   ...My fear is the only effective solution may turn out to
 be closed lists with permission grants, such as the IM services introduced
 to keep spammers out.  That will greatly reduce the utility of email.

That has already happened about as much as it is going to happen or
could happen, as witnessed by the IETF lists.  The variations in
effectiveness and mechanisms among the IETF lists are minor details.
The notion of limiting submissions to known authors was once very
controversial here, but it's now accepted as necessary and desirable.
I don't see any reduction in  utility as a result.

Individual mailboxes differ.  Because people value its utility, personal
addresses will continue to accept mail from strangers who might be
sending the same message to 100,000 others.  Various technical and
administrative defenses will limit spam.

Except for those few of us who are obsessed with spam, filters that
are sufficient and require little effort will be used.  Popular choices
will be what people can do for themselves such as private and DNS white-
and blacklists, SpamAssassin, Brightmail, Postini, Cloudmark/Razor, and
the DCC.  (Do for themselves includes hiring a competent ISP.)  Filters
that require joint actions by the sender and receiver, including the
computing-cost and authenticating DNS RR proposals, will never be popular.
Because they won't be popular, installations that start to use them will
switch to sufficient equivalents such as simple white-listing.  Sufficient
existing protocols are never vulnerable to slightly better replacements.

Joint action is an enormous barrier.  It is a cost that is justified
only in special cases.  That is why we are not routinely using PGP or
S-MIME for our private mail.  That's also why I see many more SMTP-TLS
connections to my SMTP server than I expected (many including from
spammers), and why almost none of them are authenticated.  To use
SMTP-TLS you need only install and configure a current SMTP server.
To use authenticated SMTP-TLS, you must use PKI or exchange keys.


Vernon Schryver    [EMAIL PROTECTED]




RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Fred Baker
At 11:15 AM 12/9/2002 -0800, Vach Kompella wrote:

Let's also let the VRRP WG decide on the fate of SIP WG documents, the 
CALSCH WG decide on the fate of OSPF WG docs...  Let's particularly ignore 
the fact that the folks closest to the issues have the most interest in 
getting the best possible outcome.

AFAIK, we're not discussing document status; we're discussing working 
groups and the area that contains them. The documents will be published. 
And by the way, what do you think a last call is? We *do* in fact ask 
folks to comment on drafts being published outside their immediate area of 
concern.

As presented, we are discussing six working groups (ccamp, gsmp, ipo, mpls, 
ppvpn, and tewg), down from an original nine if memory serves, and of which 
four are likely to complete their work and dissolve during the coming year 
anyway. So we're really talking about two working groups: ccamp and mpls. 
The comparison is to Transport (27 working groups, up from a year ago) or 
Security (17 working groups), and User Services (now closed, with both of 
its working groups).

If there were new working groups spawning here, one might be able to argue 
that there is work justifying asking one or two people to dedicate their 
time as area directors to managing the working groups. It seems to me that 
moving the two continuing-to-be-active working groups to an active home 
when the others close is just good-management-101. If we're going to keep 
the area open, there needs to be a solid justification for doing so, and 
it's not there. 



Reminder: Deadline for input on sub-ip discussion

2002-12-09 Thread Harald Tveit Alvestrand
All,

On Wed Dec 4th, we asked for input to help us decide on the future of
the SUB-IP Area. See our posting at

 http://www.ietf.org/mail-archive/ietf/Current/msg18370.html

We had a large majority of people at the SUBIP Area meeting in Atlanta
expressing that they want the area to be long(er) lived. This will be part
of our input.

But we need/want to hear from the IETF community. So please express
your opinion (and the reasoning behind it) asap on [EMAIL PROTECTED], but 
certainly before Thursday Dec 12th 10am US Eastern time.

As expressed in the above posting (with data points and discussion included),
the 3 choices for the SUB-IP Area seem to be:

 1/ move WGs (back) to permanent areas: migrate the SUB-IP
working groups to other IETF areas sometime soon, likely before next
summer and close the SUB-IP area. Also, reconstitute the SUB-IP (and/or
other) directorates to ensure the continued coordination between the
remaining WGs.

 2/ establish a long-term area: decide that the SUB-IP
area will be a long-term one, clearly define its charter, and ask the
nomcom to select one or two people to be Area Directors

 3/ status quo: continue the SUB-IP Area as a temporary,
ad-hoc effort, much as it has been, with the IESG selecting two sitting
ADs to continue the effort that Bert & Scott have been doing. But maybe
give more responsibility to the working group's technical advisors,
normally the AD from the area where the working group might otherwise
live.

The opinions expressed so far seem to show clearly that the community is 
divided on the issue, with perhaps some preference for the status quo 
(alternative 3).

If you have a strong preference for one (or two) of these, and have not yet 
said so, please indicate your opinion (and your reasons) by mail to 
[EMAIL PROTECTED] before Thursday.

Thank you!

 Harald Alvestrand, for the IESG

(please repost this message where appropriate)



RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Vach Kompella
You normally don't get to last call without having gotten the WG's opinion on
whether it should even go to the IESG.  I think the IESG expects that due
diligence from the WG.  It has been pointed out that the sub-ip area meeting had
a majority that wished the area to continue, at least for the time being.  I
don't want that to be ignored, or dismissed as just the choir's opinion.  The
general solicitation of input on the ietf mailing list (and, as I suggested in
my email, we should probably have included other RTG and TSV working groups -
not just those involved in SUB-IP related work), is like the last call.

I've already posted my personal opinion on where I think we should go with
sub-ip.  To clarify, in terms of the three options given, it's option 3 (status
quo).

I am of the opinion that if the target for 3 WGs (ipo, tewg, gsmp) is to close
soon, then keeping the area (with the same ADs) open temporarily long enough for
the continuity needed to bring stuff to closure is also good management-101.
I'm not very bullish on ppvpn closing on schedule.

I don't think ccamp and mpls will close that soon.  So, I would expect that
these two would go into RTG and ppvpn (because of its affinity to pwe3) would go
into TSV, but perhaps it may end up in RTG.

-Vach

 -Original Message-
 From: Fred Baker [mailto:[EMAIL PROTECTED]]
 Sent: Monday, December 09, 2002 12:31 PM
 To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: RE: a personal opinion on what to do about the sub-ip area


 At 11:15 AM 12/9/2002 -0800, Vach Kompella wrote:
 Let's also let the VRRP WG decide on the fate of SIP WG documents, the
 CALSCH WG decide on the fate of OSPF WG docs...  Let's particularly ignore
 the fact that the folks closest to the issues have the most interest in
 getting the best possible outcome.

 AFAIK, we're not discussing document status; we're discussing working
 groups and the area that contains them. The documents will be published.
 And by the way, what do you think a last call is? We *do* in fact ask
 folks to comment on drafts being published outside their immediate area of
 concern.

 As presented, we are discussing six working groups (ccamp, gsmp, ipo, mpls,
 ppvpn, and tewg), down from an original nine if memory serves, and of which
 four are likely to complete their work and dissolve during the coming year
 anyway. So we're really talking about two working groups: ccamp and mpls.
 The comparison is to Transport (27 working groups, up from a year ago) or
 Security (17 working groups), and User Services (now closed, with both of
 its working groups).

 If there were new working groups spawning here, one might be able to argue
 that there is work justifying asking one or two people to dedicate their
 time as area directors to managing the working groups. It seems to me that
 moving the two continuing-to-be-active working groups to an active home
 when the others close is just good-management-101. If we're going to keep
 the area open, there needs to be a solid justification for doing so, and
 it's not there.






Re: Reminder: Deadline for input on sub-ip discussion

2002-12-09 Thread Scott W Brim
On Mon, Dec 09, 2002 10:21:59PM +0100, Harald Tveit Alvestrand allegedly wrote:
 The opinions expressed so far seem to show clearly that the community is 
 divided on the issue, with perhaps some preference for the status quo 
 (alternative 3).

That means to me you should just leave it alone for now.  Are they
destroying the IETF's reputation?  Creating designs which make other
areas' work impossible?  If in fact half the working groups in the area
are about to finish, let them do so.  This particular problem is one
that's getting better, not worse.  We have other things that are more
urgent.

..Scott




Re: namedroppers, continued

2002-12-09 Thread Valdis . Kletnieks
On Mon, 09 Dec 2002 11:52:26 CST, Stephen Sprunk [EMAIL PROTECTED]  said:

 The problem I've seen repeatedly, including in an off-list discussion I'm
 having about this topic, is people confusing authentication with
 authorization.

Authentication:  Yes, you seem to be Jeffrey Dahmer.
Authorization:   You say you'd like to borrow a steak knife?

Usually clears up the confusion in all but the most sluggish mind.. ;)

However, authorization usually implies authentication beforehand.
Does anybody  have a reference on an authorization scheme that
doesn't imply any authentication?
-- 
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech






RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Fred Baker
At 01:38 PM 12/9/2002 -0800, Vach Kompella wrote:

It has been pointed out that the sub-ip area meeting had a majority that 
wished the area to continue, at least for the time being.  I don't want 
that to be ignored, or dismissed as just the choir's opinion.

I don't believe it is being ignored. It is in fact a large part of the 
reason the ADs are asking this question, and BTW the fact that they asked 
the area folks the question shows an open-ness of mind. They take a lot of 
!@#$%^ from the community, I wish the community would notice when they do 
something well, and speak as loudly about it.

But I should hope that not only would the wishes of the folks in the area 
be looked at, but the wear and tear on the ADs, and the management 
principles that apply. It has to be a sensible decision on all counts, not 
just the presently-popular one.

I've already posted my personal opinion on where I think we should go with
sub-ip.  To clarify, in terms of the three options given, it's option 3
(status quo).

which is to say, wait until the work winds down, and then close the 
temporary area. I'm glad we agree on that; from your last email, it sounded 
like we didn't. If you go back and read both emails that I have posted to 
this list, I have said as much, and I think that's pretty much what Scott 
said he came down to in the end. 



Re: namedroppers, continued

2002-12-09 Thread Stephen Sprunk
Thus spake [EMAIL PROTECTED]
 Authentication:  Yes, you seem to be Jeffrey Dahmer.
 Authorization:   You say you'd like to borrow a steak knife?

 Usually clears up the confusion in all but the most sluggish mind.. ;)

That's a very clear example, thanks.

 However, authorization usually implies authentication beforehand.
 Does anybody  have a reference on an authorization scheme that
 doesn't imply any authentication?

In a sense:  the IETF lists (and most others) use a null authentication
method, i.e. you trust whatever is in the message.  After that (null) step,
we apply weak authorization, i.e. whether the sender is on the approved
list.

I've seen lots of proposals to improve the former-- hardly difficult -- but
none for the latter.  Perhaps using precise terminology will help focus
efforts in the right area.

S
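Added example, not part of the original thread: the two separate steps described in the message above, written as a list submission filter, with the null authentication step (trust the From header) beside a keyed one. The header name `X-List-Auth`, the addresses and keys are hypothetical, and an HMAC over the body stands in for the PGP or S/MIME signature proposed earlier in the thread.

```python
import hashlib
import hmac
from email.message import EmailMessage
from email.utils import parseaddr

AUTH_HEADER = "X-List-Auth"  # hypothetical header carrying the sender's tag

# Constructed data. Authentication material: who can prove an identity.
REGISTERED_KEYS = {
    "alice@example.org": b"alice-demo-key",
    "bob@example.net": b"bob-demo-key",
}
# Authorization policy: which identities may post to the list.
APPROVED_POSTERS = {"alice@example.org"}


def body_tag(key: bytes, msg: EmailMessage) -> str:
    return hmac.new(key, msg.get_content().encode(), hashlib.sha256).hexdigest()


def make_message(from_header: str, body: str, key: bytes = None) -> EmailMessage:
    msg = EmailMessage()
    msg["From"] = from_header
    msg["Subject"] = "Re: namedroppers, continued"
    msg.set_content(body)
    if key is not None:
        msg[AUTH_HEADER] = body_tag(key, msg)
    return msg


def claimed_sender(msg: EmailMessage) -> str:
    return parseaddr(str(msg["From"]))[1].lower()


def authenticate_null(msg: EmailMessage):
    """Null authentication: whatever the From header says is believed."""
    return claimed_sender(msg) or None


def authenticate_keyed(msg: EmailMessage):
    """Return the claimed identity only if the tag verifies under its key."""
    claimed = claimed_sender(msg)
    key = REGISTERED_KEYS.get(claimed)
    tag = msg.get(AUTH_HEADER)
    if key is None or tag is None:
        return None
    expected = body_tag(key, msg).encode()
    return claimed if hmac.compare_digest(str(tag).strip().encode(), expected) else None


def authorize(identity: str) -> bool:
    """Authorization is a separate question: may this identity post?"""
    return identity in APPROVED_POSTERS


def accept(msg: EmailMessage, authenticate) -> bool:
    identity = authenticate(msg)
    return identity is not None and authorize(identity)


def sample_messages():
    """Constructed submissions covering the three cases."""
    return {
        # Approved poster, tag made with her registered key.
        "genuine": make_message("Alice <alice@example.org>", "Draft comments.",
                                REGISTERED_KEYS["alice@example.org"]),
        # Claims Alice's address but carries no valid tag.
        "forged": make_message("Alice <alice@example.org>", "Buy now!"),
        # Proves it is Bob, but Bob is not on the approved list.
        "unapproved": make_message("Bob <bob@example.net>", "Buy now!",
                                   REGISTERED_KEYS["bob@example.net"]),
    }


if __name__ == "__main__":
    for name, msg in sample_messages().items():
        print(f"{name:11} null-auth accept={accept(msg, authenticate_null)!s:5} "
              f"keyed-auth accept={accept(msg, authenticate_keyed)}")
```

Stronger authentication changes only the outcome for the forged message; the unapproved sender is fully authenticated and is stopped solely by the authorization list.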




Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Keith Moore
 Let's particularly ignore the fact that
 the folks closest to the issues have the most interest in getting the best
 possible outcome.

increasingly often I find WGs whose definition of the best possible
outcome is inconsistent with, and in some cases almost diametrically
opposed to, the interests of the larger community. 

Keith




Re: namedroppers, continued

2002-12-09 Thread Edward Lewis
At 16:53 -0500 12/9/02, [EMAIL PROTECTED] wrote:

However, authorization usually implies authentication beforehand.
Does anybody  have a reference on an authorization scheme that
doesn't imply any authentication?


World readable files.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis  +1-703-227-9854
ARIN Research Engineer




Re: Reminder: Deadline for input on sub-ip discussion

2002-12-09 Thread Joe Touch
I'm in favor of 1/

3/, again, seems contradictory. The status quo is that it disappears. 
Continuing it without a fixed end date is to subversively result in 2/ 
without a clear charter definition and Nomcom participation.

To be specific, I don't think 3/ should be on the table, at least not 
without a finite extension limit. However, what do we expect to change 
in the next N months? Will all the current groups complete their 
mission? Will no new groups want to be in this area? If we can't stick 
to a deadline now, what makes us think we can stick to one in N months?

Joe

 1/ move WGs (back) to permanent areas: migrate the SUB-IP
working groups to other IETF areas sometime soon, likely before next
summer and close the SUB-IP area. Also, reconstitute the SUB-IP (and/or
other) directorates to ensure the continued coordination between the
remaining WGs.

 2/ establish a long-term area: decide that the SUB-IP
area will be a long-term one, clearly define its charter, and ask the
nomcom to select one or two people to be Area Directors

 3/ status quo: continue the SUB-IP Area as a temporary,
ad-hoc effort, much as it has been, with the IESG selecting two sitting
ADs to continue the effort that Bert & Scott have been doing. But maybe
give more responsibility to the working group's technical advisors,
normally the AD from the area where the working group might otherwise
live.






Sub-IP: A lurker's view, choose Option 1

2002-12-09 Thread grenville armitage

I haven't been involved in, or even particularly tracking, Sub-IP
efforts since the start of 2001. That makes me either irrelevant or
independent, your choice.  I was lurking around some of the Sub-IP
topics prior to November 2000, so my perspective is probably past
its 'best before' date. Nevertheless...

I suggest Sub-IP needs to fold/fade as per its original goals, and
the remaining WGs moved to regular Areas.  If a good argument can
later be made for re-constituting a Sub-IP (or similar) area, then
let that argument be made from scratch.

I think that maps most closely Harald's Option 1 (I'd pick Option 3
if it explicitly clarified that no new WGs could be added to Sub-IP,
but without the protection of such a clause I have to pick Option 1).

Why? A couple of thoughts.

 - This discussion isn't about whether the related work itself is valuable.
   It is about the utility of an entire Area dedicated to Sub-IP.
   Different things.

 - A thought: IP networking involves routing, transport, e2e ('internet'),
   and security issues (at least), and the IETF has Areas to deal with each. 
   In 2000 it was broadly observed that some subnetwork technologies were
   absorbing IP-ish protocols and methods (e.g. MPLS and derivatives)
   and that other virtual network technologies were being built over/around/inside
   existing IP networks. Despite the fact that each of these work areas have
   routing, transport, and security implications we somehow decided it could
   all be handled by a single, Sub-IP Area. This has all the hallmarks of a
   short-term until we can figure out where to properly put them solution.
   The short-term is over, now assign the work out into the appropriate routing,
   transport, internet, or security areas.

 - I'm not convinced by arguments of Sub-IP participants that their
   Area must go on (or grow on). I've been immersed enough in WG work
   before to know the temptation of self-importance. Having one's own
   area would be pretty important. But I'm not convinced these WGs
   are best served by being supported outside the other IETF areas.
   (And see point 1 above that this isn't a debate about the value, per se,
of the work being done in Sub-IP)

cheers,
gja
-- 
Grenville Armitage
http://caia.swin.edu.au




Re: namedroppers, continued

2002-12-09 Thread Bill Cunningham
I haven't personally tried myself to opt out. But I've read they have the
form. If they told you they don't have a form to sort out junk mail for you
I'd say they were full of it. I'd call the Postmaster General's office.

- Original Message -
From: Stephen Sprunk [EMAIL PROTECTED]
To: Bill Cunningham [EMAIL PROTECTED]
Sent: Monday, December 09, 2002 12:56 PM
Subject: Re: namedroppers, continued


 Can you tell me where to get this form?  When I spoke to the USPS, they said
 they're legally obligated to deliver all junk mail addressed to me,
 regardless of whether I want it.

 Now, the DMA (not the USPS) does have an opt-out list you can join, but
 unfortunately that only drops about half the junk mail I get -- many local
 mailers don't join the DMA because of cost.

 S


 Bill Cunningham wrote:
  How about passing a law that makes everyone install a BIOS patch to
  block out spam. ;-)
 
  On the serious side Vernon has a point. Even with snail mail you
  can go to the post office and the USPS will provide you with a form
  to fill out and they will not put advertisements into your mail. If
  ISPs would only do the same. As of yet, if all else fails, deleting a
  email box is easier and more effective than taking a ballbat to a
  snail mail box.
 
  --Bill
  - Original Message -
  From: Vernon Schryver [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Monday, December 09, 2002 12:09 AM
  Subject: Re: namedroppers, continued
 
 
  From: [EMAIL PROTECTED]
 
  ...
  The bootstrap problem will exist no matter what scheme we decide on.
 
  There are many spam solutions that do not have the bootstrapping
  problem.  Examples include effective laws and honest intent and
  action by ISPs.  Before saying those are hopeless, please note that
  the many bootstrap-limited proposals don't have proven prospects.
 
  The point I was addressing was that there's been two major classes
  of scheme proposed ...
 
  However, the partitions created by each scheme are quite
  complementary, ...
 
  Your observation of how those two solutions fit together is
  interesting...or would be if they did not suffer from other problems.
 
 
  ...
  Moore's law causes a bunch of problems for the computing idea. ...
 
  It may not be as big of a problem as we think.  Rough
  back-of-envelope calculations now:  Let's say we assume a function
  X designed to take 10 seconds of CPU on my laptop (which has a
  1.6GHz P-4 in it) to limit it to 8K messages/day.
 
  http://www.intel.com/home/desktop/pentium4/ suggests state of the
  commodity art is about twice that, which lets a spammer send 16K
  msgs/day. Moore's law is still a treadmill that you don't want to
  fight.
 
  Now, this same function will take around 2 minutes on
  a 133MHz processor and be restricted to 800 mails/day. ...
 
  I would put the lower limit at around 48 MHz on 80486s, or ~8 times
  slower than a 133 MHz Pentium.  Such machines go back less than 10
  years. Would you expect your conservative correspondents to spend 15
  minutes to send you a message, or would you just white-list them?
  Once you start white-listing, it's hard to have much enthusiasm for
  more fancier solutions.
 
 
  Now how many people are still using a 133 system to do that much
  outbound mail themselves (and *NOT* just relaying all outbound mail
  to a smarthost)?
 
  I think recent FreeBSD and sendmail would still work fine at 48 MHz,
  although you probably want to stuff the thing to the gills with 64
  MByte of RAM, or more if it can take it.  There are many computing
  tasks that don't need 3 GHZ and 3 GByte.
 
  Aren't busy smarthosts significantly busier than 80K msgs/day?
  From my old experience, that was true even when they were running
  at less than 50 MHz and with perhaps 100 MByte.
 
  Besides, no matter what inmates of glass houses and big ISPs would
  have you think, SMTP is a peer-to-peer protocol.  A major damage spam
  is doing is helping government commissars and ISP salescritters
  convince people that the ancient Compuserve/AOL/Prodigy/whatever
  dumb-terminal-connected-to-central-servers is the only way to do
  public networking and computing.
 
 
  And
  even *MORE* to the point, what are the chances that a system that
  old will be upgraded software-wise to support a scheme, even if it
  takes zero additional CPU? ...
 
  Would you whitelist it for the next 10 years?  If there are very
  few, white-listing works.  If not, you've got that bootstrapping
  problem, and you've invited the white-listing camel into your tent.
 
 
  Vernon Schryver[EMAIL PROTECTED]

  |  | Stephen Sprunk, K5SSS, CCIE #3723
 :|::|:Network Design Consultant
:|||:  :|||:   Cisco Advanced Services
 .:|||:..:|||:.Richardson, Texas, USA
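
The back-of-envelope figures in the message above, worked through as an added Python example that is not from any poster. A hashcash-style partial-hash search stands in for the unspecified "function X" (an assumption), and the slowdown factors come from the thread's own numbers.

```python
import hashlib
import os

SECONDS_PER_DAY = 86_400

# Slowdown relative to the thread's reference machine (1.6 GHz P4, 10 s of CPU
# per message). The Pentium figure is a plain clock ratio; the 486 figure
# applies the thread's "~8 times slower than a 133 MHz Pentium" estimate.
MACHINES = {
    "1.6 GHz P4 laptop": 1.0,
    "commodity desktop (2x faster)": 0.5,
    "133 MHz Pentium": 1600 / 133,
    "48 MHz 80486": (1600 / 133) * 8,
}


def quota_table(ref_seconds=10.0):
    """Map machine name -> (CPU seconds per message, messages per day)."""
    table = {}
    for name, slowdown in MACHINES.items():
        seconds = ref_seconds * slowdown
        table[name] = (seconds, int(SECONDS_PER_DAY // seconds))
    return table


def leading_zero_bits(digest):
    """Count the zero bits at the front of a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def mint_stamp(recipient, bits):
    """Sender side: search for a counter whose stamp hashes to `bits` leading
    zero bits. Expected work doubles with every extra bit.
    Returns (stamp, attempts)."""
    salt = os.urandom(8).hex()
    counter = 0
    while True:
        stamp = f"{bits}:{recipient}:{salt}:{counter}"
        digest = hashlib.sha256(stamp.encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return stamp, counter + 1
        counter += 1


def verify_stamp(stamp, recipient, min_bits):
    """Receiver side: a single hash, however long the sender spent minting."""
    try:
        claimed, rest = stamp.split(":", 1)
        resource, _salt, counter = rest.rsplit(":", 2)
        claimed_bits = int(claimed)
        int(counter)
    except ValueError:
        return False          # malformed stamp
    if resource != recipient or claimed_bits < min_bits:
        return False          # minted for someone else, or too cheap
    digest = hashlib.sha256(stamp.encode()).digest()
    return leading_zero_bits(digest) >= min_bits


if __name__ == "__main__":
    for name, (seconds, per_day) in quota_table().items():
        print(f"{name:32s} {seconds:8.1f} s/msg  {per_day:6d} msgs/day")
    # Constructed recipient address; 16 bits keeps the demo to a fraction of
    # a second, where a real deployment would tune bits toward ~10 s.
    stamp, attempts = mint_stamp("list@example.org", 16)
    print(stamp, "after", attempts, "hashes; valid:",
          verify_stamp(stamp, "list@example.org", 16))
```

The table reproduces the thread's spread: the same stamp that caps a fast sender at a few thousand messages a day costs an old 486 roughly a quarter of an hour per message.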





RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Gray, Eric
THE PRESENT SET OF AREA DIRECTORS ARE DOING A GREAT JOB.
THIS IS A CONTINUATION OF A LONG STANDING TREND.

(Is that better, Fred?)

I support option 3).  I also suspect that this is not a
case of ignoring the consensus of those attending the
meeting.  Some people may feel that the best way for the
ADs involved to find relief from their awesome burdens
was to create a new directorship.  If that doesn't make
sense from their perspective, then why do it?

Eric W. Gray
Systems Architect
Celox Networks, Inc.
[EMAIL PROTECTED]
508 305 7214


 -Original Message-
 From: Fred Baker [mailto:[EMAIL PROTECTED]]
 Sent: Monday, December 09, 2002 4:54 PM
 To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: RE: a personal opinion on what to do about the sub-ip area
 
 At 01:38 PM 12/9/2002 -0800, Vach Kompella wrote:
 It has been pointed out that the sub-ip area meeting had a majority that
 wished the area to continue, at least for the time being.  I don't want
 that to be ignored, or dismissed as just the choir's opinion.
 
 I don't believe it is being ignored. It is in fact a large part of the
 reason the ADs are asking this question, and BTW the fact that they asked
 the area folks the question shows an open-ness of mind. They take a lot of
 !@#$%^ from the community, I wish the community would notice when they do
 something well, and speak as loudly about it.
 
 But I should hope that not only would the wishes of the folks in the area
 be looked at, but the wear and tear on the ADs, and the management
 principles that apply. It has to be a sensible decision on all counts, not
 just the presently-popular one.
 
 I've already posted my personal opinion on where I think we should go with
 sub-ip.  To clarify, in terms of the three options given, it's option 3
 (status quo).
 
 which is to say, wait until the work winds down, and then close the
 temporary area. I'm glad we agree on that; from your last email, it sounded
 like we didn't. If you go back and read both emails that I have posted to
 this list, I have said as much, and I think that's pretty much what Scott
 said he came down to in the end.




Re: namedroppers, continued

2002-12-09 Thread Matt Crawford
 Does anybody  have a reference on an authorization scheme that
 doesn't imply any authentication?

You will deliver the satchel to the one who presents the matching
half of this hundred-euro note.




Re: namedroppers, continued

2002-12-09 Thread Valdis . Kletnieks
On Mon, 09 Dec 2002 17:47:58 EST, Edward Lewis said:

 Does anybody  have a reference on an authorization scheme that
 doesn't imply any authentication?
 
 World readable files.

We know how to do that already ;)

I was thinking more along the lines of a zero-knowledge proof or
something like that - a scheme where you can prove you're authorized to
do something(*) without having to prove who you are first.

(*) and explicitly ruling out the 'null check, everybody is allowed' case ;)

/Valdis






Re: Reminder: Deadline for input on sub-ip discussion

2002-12-09 Thread Loa Andersson


Harald Tveit Alvestrand wrote:

All,

 snip 

If you have a strong preference for one (or two) of these, and have not 
yet said so, please indicate your opinion (and your reasons) by mail to 
[EMAIL PROTECTED] before Thursday.

my preferences are 2 or 3, so far i've not seen any other argument for 1
other than it was decided 2 years ago, if we really want the 3 of the
wg's to finish let them do so with re-org

i strongly doubt that ccamp, mpls and ppvpn are candidates for closing
down in 6 months

it seems like the arguments by keith, fred and joe are good arguments
for that these wg's need a focus of their own

if you believe that they are doing harm, that is not reason to re-org,
closing down would be called for

if you believe they are doing good, let them continue to do so

in neither case does shuffling groups around help

i can live with status quo

/Loa

--
Loa Andersson

Mobile  +46 739 81 21 64
Email   [EMAIL PROTECTED]





Re: namedroppers, continued

2002-12-09 Thread John C Klensin


--On Monday, 09 December, 2002 16:17 -0600 Stephen Sprunk
[EMAIL PROTECTED] wrote:

 Thus spake [EMAIL PROTECTED]
 Authentication:  Yes, you seem to be Jeffrey Dahlmer.
 Authorization:   You say you'd like to borrow a steak knife?
 
 Usually clears up the confusion in all but the most sluggish
 mind.. ;)
 
 That's a very clear example, thanks.
 
 However, authorization usually implies authentication
 beforehand. Does anybody  have a reference on an
 authorization scheme that doesn't imply any authentication?
 
 In a sense:  the IETF lists (and most others) use a null
 authentication method, i.e. you trust whatever is in the
 message.  After that (null) step, we apply weak authorization,
 i.e. whether the sender is on the approved list.

Actually, it is a very common situation:

Think about almost any case in which possession of a token
authorizes one to do something, but no identification/
authentication is implied.  For what is perhaps one of the older
examples, can you go to a store where you are not known, in some
part of your country where you are not frequently present, and
buy something?  Of course you can: you pass an authorization
token, typically called cash, across the counter and get some
merchandise in return.  The quantity of tokens you possess and
their value even determines the extent of your authorization.

Credit card companies often draw an analogy to that situation,
which is one of the reasons they have stayed far out of the
_public_ part of the PKI business: they don't really care who
you are, or who uses the credit card, as long as the bill gets
paid.  Anything they do or require that involves authentication
has to do with the "the bill will get paid without protest"
property, not your identity.

 john




Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Alex Zinin

FWIW, I support Scott's suggestion. We went somewhat different paths,
but finally came to the same conclusion. I'm personally skeptical at
this moment about SUB-IP becoming a permanent area (area overlaps,
mission statement, expected number of WGs, etc.), but we did hear in
Atlanta a strong message from the SUB-IP community against closing the
area at this time. IMO our best shot now is to continue as is, and
revisit the question in a year or when the situation with
about-to-conclude WGs clarifies.

Alex

Monday, December 09, 2002, 8:27:43 AM, Scott Bradner wrote:
 for what it's worth here is my personal opinion on what we should
 do in the question of the sub-ip area

 I think we should go with the status quo (with the IESG selecting two
 suck^H^H^H^Hvolunteers to manage the area next March)

 I do not think that we can make a reasoned decision to do otherwise in the
 next week.

 Before Atlanta I was of the opinion that moving the WGs into other areas
 was the right thing to do, not because of any particular event, but
 more because we had said this was a temporary area and it was getting
 to be a long temporary (but I suppose we should note that the last
 temporary area (ipng) lasted 4 years)  But the feedback we got in
 Atlanta has convinced me that this is not reason enough to make a change.
 And any move at this time to move the WGs would be seen as a slap in
 the face of the quite strong (even if in a limited venue) opinion
 expressed in Atlanta.

 Right after Atlanta I was convinced that we should follow the consensus and
 ask the nomcom to find an AD but upon reflection I'm not sure that is the
 right thing either - partially  because as Randy has pointed out, we do
 not have a clear mission statement for such an area but mostly because
 enough of the WGs are close enough to finishing up that we would have a
 quite small area in 6 months to a year and an area with only 2 or 3
 working groups seems a bit of a waste.  But if there is a long-term
 future for sub-IP work in the IETF then additional working groups may
 be in the offering.  We need the time to reflect on what that future
 should be.

 So I think we should continue as-is until:
 1/ the WGs which will finish soon finish
 2/ we (the IESG, IAB & ietf community) figure out what role
    sub-ip should play in the IETF in the long term

 but it would be good to hear from more of you both to the IETF list and
 to the IESG directly

 Scott





Re: namedroppers, continued

2002-12-09 Thread Ofer Inbar
[EMAIL PROTECTED] wrote:
 Does anybody  have a reference on an authorization scheme that
 doesn't imply any authentication?

From:-line based email filters.

  --  Cos (Ofer Inbar)  --  [EMAIL PROTECTED] http://cos.polyamory.org/
  --  WBRS (100.1 FM)   --  [EMAIL PROTECTED] http://www.wbrs.org/
   OSI is a beautiful dream, and TCP/IP is living it!
 -- Einar Stefferud [EMAIL PROTECTED], IETF mailing list, 12 May 1992




Re: Reminder: Deadline for input on sub-ip discussion

2002-12-09 Thread Michael Richardson
-BEGIN PGP SIGNED MESSAGE-


 Harald == Harald Tveit Alvestrand [EMAIL PROTECTED] writes:
Harald   2/ establish a long-term area: decide that the SUB-IP
Harald  area will be a long-term one, clearly define its charter, and ask the
Harald  nomcom to select one or two people to be Area Directors

Harald   3/ status quo: continue the SUB-IP Area as a temporary,
Harald  ad-hoc effort, much as it has been, with the IESG selecting two
Harald  sitting ADs to continue the effort that Bert & Scott have been doing.
Harald  But maybe give more responsibility to the working group's technical
Harald  advisors, normally the AD from the area where the working group might
Harald  otherwise live.

  I prefer #3 for the next year.

  However, I would prefer that we change:

IESG selecting two sitting ADs to continue 
to
IESG selecting two people as ADs

  
  That is, the IESG could select people who aren't currently sitting ADs. (or
they can select sitting ADs)

]   ON HUMILITY: to err is human. To moo, bovine.   |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/ |device driver[
] panic(Just another Debian GNU/Linux using, kernel hacking, security guy); [



  




Re: namedroppers, continued

2002-12-09 Thread Dave Crocker
Stephen,


Monday, December 9, 2002, 9:52:26 AM, you wrote:
Stephen The devil is in determining what senders are authorized once we've
Stephen authenticated them.

The concept of being authorized to send someone mail has good logic, but
goes against established human communication practises for mail and
telephone.  (Filtering is common to both, but is different from
authorization.)

Some time ago, Mike O'Dell put forward the idea of accountable, in the
sense of being able to reach back to the sender, to hold them accountable
for their actions.

The general idea behind pursuing simple authentication presumes that the
really nasty spammers would not want to be identified.  It's not clear how
valid this presumption really would be.

d/
-- 
 Dave Crocker  mailto:[EMAIL PROTECTED]
 TribalWise http://www.tribalwise.com
 t +1.408.246.8253; f +1.408.850.1850




RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Tony Hain
My question is, what harm will be done to the WG's ability to deliver
and close by moving them? If there were a real need for cross group
coordination within the sub-IP area, that would be a little clearer.
Instead we have a situation where these groups need to coordinate with a
real area to accomplish their work, but feel they need dedicated area
directors to do that. 

The only reason I can see that this would make any difference is if the
AD's in the natural home area were particularly critical of the work. If
that were the case, it would be difficult to coordinate with that area
as the charter requires, so I can't see that it really matters in the
long run. The only real gain here is the ability to run along under the
'natural home' AD's radar until the IESG gets the doc. That could be
good because it allows the group to bake the ideas before being
criticized, but it could also be bad because it makes the whole IESG
look like the bad guys when a doc is rejected after WG last call. 

If the groups are really expected to close within a year anyway, they
must be sufficiently far along that a change in management will not
derail their efforts. If that is not the case, how would they survive if
sub-IP were a standing area and the nomcom decided to change the AD? 

In any case, I believe the burden of proof needs to be on those who want
the area continued as to why close coordination between the WGs is a
more expedient approach to task completion than simply putting them back
in their natural homes.

Tony


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On 
 Behalf Of Alex Zinin
 Sent: Monday, December 09, 2002 3:17 PM
 To: Scott Bradner
 Cc: [EMAIL PROTECTED]
 Subject: Re: a personal opinion on what to do about the sub-ip area
 
 
 
 FWIW, I support Scott's suggestion. We went somewhat 
 different paths, but finally came to the same conclusion. I'm 
 personally skeptical at this moment about SUB-IP becoming a 
 permanent area (area overlaps, mission statement, expected 
 number of WGs, etc.), but we did hear in Atlanta a strong 
 message from the SUB-IP community against closing the area at 
 this time. IMO our best shot now is to continue as is, and 
 revisit the question in a year or when the situation with 
 about-to-conclude WGs clarifies.
 
 Alex
 
 Monday, December 09, 2002, 8:27:43 AM, Scott Bradner wrote:
  for what it's worth here is my personal opinion on what we should do
  in the question of the sub-ip area
 
  I think we should go with the status quo (with the IESG selecting two
  suck^H^H^H^Hvolunteers to manage the area next March)
 
  I do not think that we can make a reasoned decision to do otherwise in
  the next week.
 
  Before Atlanta I was of the opinion that moving the WGs into other
  areas was the right thing to do, not because of any particular event,
  but more because we had said this was a temporary area and it was
  getting to be a long temporary (but I suppose we should note that the
  last temporary area (ipng) lasted 4 years)  But the feedback we got in
  Atlanta has convinced me that this is not reason enough to make a
  change. And any move at this time to move the WGs would be seen as a
  slap in the face of the quite strong (even if in a limited venue)
  opinion expressed in Atlanta.
 
  Right after Atlanta I was convinced that we should follow the
  consensus and ask the nomcom to find an AD but upon reflection I'm not
  sure that is the right thing either - partially  because as Randy has
  pointed out, we do not have a clear mission statement for such an area
  but mostly because enough of the WGs are close enough to finishing up
  that we would have a quite small area in 6 months to a year and an
  area with only 2 or 3 working groups seems a bit of a waste.  But if
  there is a long-term future for sub-IP work in the IETF then
  additional working groups may be in the offering.  We need the time to
  reflect on what that future should be.
 
  So I think we should continue as-is until:
  1/ the WGs which will finish soon finish
  2/ we (the IESG, IAB & ietf community) figure out what role
     sub-ip should play in the IETF in the long term
 
  but it would be good to hear from more of you both to the IETF list
  and to the IESG directly
 
  Scott
 
 




RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Vach Kompella
And is that because members of the larger community were not allowed to
participate in those WGs whose decisions adversely impacted their interests?
Because, by your assertion, if they had participated, they would have been part
of making the WG decision, which would therefore not have been in the interest
of that remaining larger community :-)

-Vach

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
 Sent: Monday, December 09, 2002 11:55 AM
 To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: Re: a personal opinion on what to do about the sub-ip area


  Let's particularly ignore the fact that
  the folks closest to the issues have the most interest in getting the best
  possible outcome.

 increasingly often I find WGs whose definition of the best possible
 outcome is inconsistent with, and in some cases almost diametrically
 opposed to, the interests of the larger community.

 Keith






Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Eliot Lear


increasingly often I find WGs whose definition of the best possible
outcome is inconsistent with, and in some cases almost diametrically
opposed to, the interests of the larger community. 

I have two problems with this statement.  First, while I am all for 
being critical of our processes for the purposes of improving them, we 
as a group should avoid making these sorts of generalizations.  Say what 
you will about Dan Bernstein.  At least his complaints are specific and 
backed up.

Second, I believe the complaints that are alluded to have been raised 
again and again and again.  Can we as a community learn to agree to 
disagree on points of architecture, once decisions have been made?

Eliot



Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Eric Rosen

 The  workings  of  special  interest  groups  can  and  often  do  have  a
 significant effect  on the general  population, but nobody can  afford the
 time and  energy it takes  to keep track  of every special  interest group
 that might affect him.

Often  it  seems as  though  the  WGs reflect  the  broad  consensus of  the
community, and the IESG is the special interest group.




Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Keith Moore
  increasingly often I find WGs whose definition of the best possible
  outcome is inconsistent with, and in some cases almost diametrically
  opposed to, the interests of the larger community.
 
 I have two problems with this statement.  First, while I am all for
 being critical of our processes for the purposes of improving them, we
 as a group should avoid making these sorts of generalizations.  Say what
 you will about Dan Bernstein.  At least his complaints are specific and
 backed up.

Sometimes it's better to be imprecise than to point fingers and name names.
However I am seriously considering pointing fingers and naming names.

 Second, I believe the complaints that are alluded to have been raised
 again and again and again.  Can we as a community learn to agree to
 disagree on points of architecture, once decisions have been made?

Oh, you're talking about *that* group.  I had almost forgotten about them.

Keith




Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Keith Moore
  The  workings  of  special  interest  groups  can  and  often  do  have  a
  significant effect  on the general  population, but nobody can  afford the
  time and  energy it takes  to keep track  of every special  interest group
  that might affect him.
 
 Often  it  seems as  though  the  WGs reflect  the  broad  consensus of  the
 community, and the IESG is the special interest group.

In my experience, IESG has tremendous breadth - considerably exceeding that 
of any single WG.

Keith 




Re: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread grenville armitage

Eric Rosen wrote:
[..]
 Often  it  seems as  though  the  WGs reflect  the  broad  consensus of  the
 community, and the IESG is the special interest group.

Given that the IETF *is* a special interest group, I take this as a feature
rather than a bug.

cheers,
gja




Re: Reminder: Deadline for input on sub-ip discussion

2002-12-09 Thread Yu-Shun Wang
Michael Richardson wrote:


-BEGIN PGP SIGNED MESSAGE-



Harald == Harald Tveit Alvestrand  writes:

Harald   2/ establish a long-term area: decide that the SUB-IP
Harald  area will be a long-term one, clearly define its charter, and ask the
Harald  nomcom to select one or two people to be Area Directors

Harald   3/ status quo: continue the SUB-IP Area as a temporary,
Harald  ad-hoc effort, much as it has been, with the IESG selecting two
Harald  sitting ADs to continue the effort that Bert & Scott have been doing.
Harald  But maybe give more responsibility to the working group's technical
Harald  advisors, normally the AD from the area where the working group might
Harald  otherwise live.

  I prefer #3 for the next year.

The problem with #3 is that there is no timeline of any sort in this option.

While option #1 (quoted below) sounds severe, it does not close all the doors
for Sub-IP. It just forces IETF as a community to rethink whether those
remaining wgs (or anything else people come up with then) belong to IETF or not,
and if they do, where. I believe this was why the Sub-IP area was marked
temporary when it was created; to force us to re-examine the issues now.


 1/ move WGs (back) to permanent areas: migrate the SUB-IP
working groups to other IETF areas sometime soon, likely before next
summer and close the SUB-IP area. Also, reconstitute the SUB-IP (and/or
other) directorates to ensure the continued coordination between the
remaining WGs. 


Status quo (#3) merely delays this discussion indefinitely because of the
lack of a timeline and, as Grenville pointed out in his email, no protection
against adding new wgs into Sub-IP area.

I prefer option #1, and if there are reasons IETF should have a Sub-IP
area, they should be argued assuming the area is closed.

yushun.




  However, I would prefer that we change:

	IESG selecting two sitting ADs to continue
to
	IESG selecting two people as ADs


  That is, the IESG could select people who aren't currently sitting ADs. (or
they can select sitting ADs)

]   ON HUMILITY: to err is human. To moo, bovine.   |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/ |device driver[
] panic(Just another Debian GNU/Linux using, kernel hacking, security guy); [


		





--

Yu-Shun Wang [EMAIL PROTECTED]   Information Sciences Institute
   University of Southern California




Re: IETF Sub-IP area: request for input

2002-12-09 Thread Lars Eggert
Paul Hoffman / IMC wrote:


- The statement that some of the WGs in the SubIP area are about to
finish up may be deceptive. Some of the WGs are accepting new 
proposals on wide-ranging topics. 

This is an important point. An example is PPVPN, which is chartered to 
work on specification of requirements, with new protocol work being 
explicitly out-of-scope.

However, some current PPVPN IDs (and several more targeted at it) read 
more like solution documents for various existing vendor schemes, 
specifying packet headers and MIBs. Another indication is that those IDs 
 aim at standards track, whereas requirements documents would more 
naturally fall under Informational or maybe BCP.

So PPVPN at least seems quite happy to go out-of-scope, and is thus 
unlikely to stick to their given timeframe.

Lars

PS: I support 1/ - close SUB-IP and migrate the WGs.
--
Lars Eggert [EMAIL PROTECTED]   USC Information Sciences Institute




RE: a personal opinion on what to do about the sub-ip area

2002-12-09 Thread Paul Hoffman / IMC
At 4:50 PM -0800 12/9/02, Tony Hain wrote:

If there were a real need for cross group
coordination within the sub-IP area, that would be a little clearer.


A presentation at the SubIP Area meeting in Atlanta drove home the 
point that the amount of coordination in the area was not as high as 
expected when the area started. The originally-envisioned hourglass 
(with CCAMP in the middle) turned into spaghetti. This is not to say 
that the spaghetti is bad, just that the proposed coordination didn't 
help keep them on track and therefore might be less needed than some 
are saying.

--Paul Hoffman, Director
--Internet Mail Consortium



Re: namedroppers, continued

2002-12-09 Thread Michael Froomkin - U.Miami School of Law
Blinded coins a la digicash
http://www.law.miami.edu/~froomkin/articles/oceanno.htm#xtocid583124

On Mon, 9 Dec 2002 [EMAIL PROTECTED] wrote:

 On Mon, 09 Dec 2002 17:47:58 EST, Edward Lewis said:
 
  Does anybody  have a reference on an authorization scheme that
  doesn't imply any authentication?
  
  World readable files.
 
 We know how to do that already ;)
 
 I was thinking more along the lines of a zero-knowledge proof or
 something like that - a scheme where you can prove you're authorized to
 do something(*) without having to prove who you are first.
 
 (*) and explicitly ruling out the 'null check, everybody is allowed' case ;)
 
 /Valdis
 
 

-- 
Please visit http://www.icannwatch.org
A. Michael Froomkin   |Professor of Law|   [EMAIL PROTECTED]
U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA
+1 (305) 284-4285  |  +1 (305) 284-6506 (fax)  |  http://www.law.tm
--It's warm here.--
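
The question running through this thread (authorization that implies no authentication) and the "blinded coins a la digicash" answer above can be shown with a Chaum-style RSA blind signature. This is an added example, not code from any poster: the toy key, the names Holder, Issuer and Gate, and the spent-serial set are assumptions made for illustration.

```python
import hashlib
import math
import secrets

# Constructed toy issuer key: two Mersenne primes keep the block short and
# offline. Far too small for real use, where a 2048-bit or larger modulus
# and a padded hash would be required.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the issuer


def digest_to_int(serial):
    """Hash a token serial into the RSA group."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


class Holder:
    """Party that wants a bearer token the issuer cannot later recognise."""

    def __init__(self):
        self.serial = secrets.token_bytes(16)
        while True:  # blinding factor must be invertible mod N
            self.r = secrets.randbelow(N - 2) + 2
            if math.gcd(self.r, N) == 1:
                break

    def blinded_request(self):
        # Issuer sees H(serial) * r^e, which reveals nothing about serial.
        return (digest_to_int(self.serial) * pow(self.r, E, N)) % N

    def unblind(self, blind_sig):
        # (m * r^e)^d = m^d * r, so dividing by r leaves a signature on m.
        return self.serial, (blind_sig * pow(self.r, -1, N)) % N


class Issuer:
    """Decides who gets a token, then signs without seeing what it signs."""

    def __init__(self):
        self.log = []  # everything the issuer ever observes

    def sign(self, blinded):
        sig = pow(blinded, D, N)
        self.log.append((blinded, sig))
        return sig


class Gate:
    """Resource that honours tokens: checks the signature, never an identity."""

    def __init__(self):
        self.spent = set()

    def redeem(self, serial, sig):
        if pow(sig, E, N) != digest_to_int(serial):
            return "rejected: bad signature"
        if serial in self.spent:
            return "rejected: already spent"
        self.spent.add(serial)
        return "accepted"


if __name__ == "__main__":
    issuer, gate, holder = Issuer(), Gate(), Holder()
    serial, sig = holder.unblind(issuer.sign(holder.blinded_request()))
    print(gate.redeem(serial, sig))            # first presentation
    print(gate.redeem(serial, sig))            # replay of the same token
    print(gate.redeem(b"forged-serial", sig))  # signature moved to new serial
    blinded, blind_sig = issuer.log[0]
    print("issuer can link token to request:",
          blinded == digest_to_int(serial) or blind_sig == sig)
```

Whatever check the issuer applies happens at issuance; at the gate the token alone carries the authorization, which is the cash analogy made earlier in the thread.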




Re: namedroppers, continued

2002-12-09 Thread John C Klensin


--On Monday, 09 December, 2002 17:49 -0500 Bill Cunningham
[EMAIL PROTECTED] wrote:

 I haven't personally tried myself to opt out. But I've read
 they have the form. If they told you they don't have a form to
 sort out junk mail for you I'd say they were full of it. I'd
 call the Postmaster General's office.

Bill,

For the US Post Office, they don't have the form.  In another
context, I've been over this with the Postal Inspection Service.
They have two other forms and models, one of which is probably
getting confused with this.

(1) You can decline to receive the particular form of junk mail
that is addressed to occupant, boxholder, or similar generic
terms.  For that, there is a form.

(2) You can also decide that particular types of materials,
identified by specific description (nearly impossible in most
cases) or source is obscene.  Once you do that, and perform the
relevant rituals, it becomes illegal for identified sources to
send the stuff to you.  In general, you can't get the post
office to open all of your mail and do content filtering to be
sure it doesn't meet your criteria for obscenity.   And you
probably wouldn't want to, since that would require authorizing
them to open and read all of your mail.  But it can be an
effective way to prevent a particular sender from sending you
specific kinds of materials, since the penalties for sending
obscene materials through the mails are quite severe.

If it is addressed to you, by name and matching address, they
are, as Stephen indicated, legally required to deliver it
(unless it falls under the prohibitions of (2) above).  So,
oddly, you can opt out of untargeted mailings, but not out of
targeted ones.

john 





Re: IETF Sub-IP area: request for input (fwd)

2002-12-09 Thread Michael StJohns
At 09:55 PM 12/4/2002 +0100, Harald Tveit Alvestrand wrote:


The options seem to be:
1/ move WGs (back) to permanent areas: migrate the SUB-IP
working groups to other IETF areas sometime soon, likely before next
summer and close the SUB-IP area. Also, reconstitute the SUB-IP (and/or
other) directorates to ensure the continued coordination between the
remaining WGs.

2/ establish a long-term area: decide that the SUB-IP
area will be a long-term one, clearly define its charter, and ask the
nomcom to select one or two people to be Area Directors

3/ status quo: continue the SUB-IP Area as a temporary,
ad-hoc effort, much as it has been, with the IESG selecting two sitting
ADs to continue the effort that Bert & Scott have been doing. But maybe
give more responsibility to the working group's technical advisors,
normally the AD from the area where the working group might otherwise
live.



After reading through the discussions and thinking about the IETF needs as 
a whole, I want to propose a 4th alternative (which is a merge of the opt 2 
and 3):

a) Sunset the area with a final decision point as 12/31/2003 and a closing 
date of 03/01/2004.  No further WGs will be chartered in this area.
b) Ask the Nomcom to appoint 1 area director not from the current set of 
ADs for a term of 1 year. Term would run March 02 to March 03.

I think this approach would accomplish two things:  1) The area would be 
legitimized for the period of operation and that would bring it under 
normal IETF procedures.  2) We (the IETF) would have an opportunity to 
apprentice/train a new AD in a lower stress/load environment than the usual 
area.  In Dec 03, if there is sufficient reason to continue the area, the 
NOMCOM can act to continue the appointment or to appoint another or other 
ADs as well as more fully define the charter.  If not, the area can close 
in March.

Mike



Re: namedroppers, continued

2002-12-09 Thread Bill Cunningham

- Original Message -
From: John C Klensin [EMAIL PROTECTED]
To: Bill Cunningham [EMAIL PROTECTED]
Cc: Stephen Sprunk [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, December 09, 2002 9:16 PM
Subject: Re: namedroppers, continued




 --On Monday, 09 December, 2002 17:49 -0500 Bill Cunningham
 [EMAIL PROTECTED] wrote:

  I haven't personally tried myself to opt out. But I've read
  they have the form. If they told you they don't have a form to
  sort out junk mail for you I'd say they were full of it. I'd
  call the Postmaster General's office.

 Bill,

 For the US Post Office, they don't have the form.  In another
 context, I've been over this with the Postal Inspection Service.
 They have two other forms and models, one of which is probably
 getting confused with this.

 (1) You can decline to receive the particular form of junk mail
 that is addressed to occupant, boxholder, or similar generic
 terms.  For that, there is a form.

 (2) You can also decide that particular types of materials,
 identified by specific description (nearly impossible in most
 cases) or source is obscene.  Once you do that, and perform the
 relevant rituals, it becomes illegal for identified sources to
 send the stuff to you.  In general, you can't get the post
 office to open all of your mail and do content filtering to be
 sure it doesn't meet your criteria for obscenity.   And you
 probably wouldn't want to, since that would require authorizing
 them to open and read all of your mail.  But it can be an
 effective way to prevent a particular sender from sending you
 specific kinds of materials, since the penalties for sending
 obscene materials through the mails are quite severe.

 If it is addressed to you, by name and matching address, they
 are, as Stephen indicated, legally required to deliver it
 (unless it falls under the prohibitions of (2) above).  So,
 oddly, you can opt out of untargeted mailings, but not out of
 targeted ones.

 john

I checked 39USC and 39CFR955. I guess the postal service maintains a list if
you want to not receive mailings for sexually oriented materials,
sweepstakes, and pandering solicitations. But that's about it, as far as the
USPS goes.





RE: Reminder: Deadline for input on sub-ip discussion

2002-12-09 Thread Bill Strahm
I have an interesting set of questions for you Harold,
1) How effective would the IESG be with 2 more members, more effective,
or less?
2) What would happen to any new IESG members in the SUB-IP area, if
the area is shut down?

In other words, does the IESG think that two new members would help
overall effectiveness, or make it lower?

If the consensus of the IESG is that adding more members would make them
less effective, go with the victim/temporary route.

If the consensus of the IESG is that adding two members would make the
IESG more effective, let's look at making it permanent, or have a place
to put the extra members when the temporary area shuts down.

In other words, what makes the IESG more effective?

Bill


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Harald Tveit Alvestrand
Sent: Monday, December 09, 2002 1:22 PM
To: [EMAIL PROTECTED]
Subject: Reminder: Deadline for input on sub-ip discussion


All,

On Wed Dec 4th, we asked for input to help us decide on the future of
the SUB-IP Area. See our posting at

  http://www.ietf.org/mail-archive/ietf/Current/msg18370.html

We had a large majority of people at the SUBIP Area meeting in Atlanta
expressing that they want the area to be long(er) lived. This will be
part of our input.

But we need/want to hear from the IETF community. So please express your
opinion (and the reasoning behind it) asap on [EMAIL PROTECTED], but
certainly before Thursday Dec 12th 10am US Eastern time.

As expressed in the above posting (with data points and discussion included),
the 3 choices for the SUB-IP Area seem to be:

  1/ move WGs (back) to permanent areas: migrate the SUB-IP
 working groups to other IETF areas sometime soon, likely before next
 summer and close the SUB-IP area. Also, reconstitute the SUB-IP (and/or
 other) directorates to ensure the continued coordination between the
 remaining WGs.

  2/ establish a long-term area: decide that the SUB-IP
 area will be a long-term one, clearly define its charter, and ask the
 nomcom to select one or two people to be Area Directors

  3/ status quo: continue the SUB-IP Area as a temporary,
 ad-hoc effort, much as it has been, with the IESG selecting two sitting
 ADs to continue the effort that Bert & Scott have been doing. But maybe
 give more responsibility to the working group's technical advisors,
 normally the AD from the area where the working group might otherwise
 live.

The opinions expressed so far seem to show clearly that the community is
divided on the issue, with perhaps some preference for the status quo
(alternative 3).

If you have a strong preference for one (or two) of these, and have not yet
said so, please indicate your opinion (and your reasons) by mail to
[EMAIL PROTECTED] before Thursday.

Thank you!

  Harald Alvestrand, for the IESG

(please repost this message where appropriate)






Re: Reminder: Deadline for input on sub-ip discussion

2002-12-09 Thread grenville armitage

Bill Strahm wrote:
 
 I have an interesting set of questions for you Harold,
 1) How effective would the IESG be with 2 more members, more effective,
 or less
 2) What would happen to any new IESG members in the SUB-IP area, if
 the area is shut down ?

I think this is a seductively reasonable-sounding-yet-misguided rephrasing
of the issue.

Sub-IP as an Area ought to be evaluated on its applicability to the
IETF. The IESG support (generally quite well and unthanked) the goals
of the IETF. If Sub-IP as an Area makes sense for the IETF, then (and
only then) does the question arise of whether to add more IESG members.
Let's not get the order reversed.

cheers,
gja
-- 
Grenville Armitage
http://caia.swin.edu.au